If you are one of those who breathe bits and bytes over the air all the time, this article is a must-read for you. A recent investigation conducted in London showed how easy it is to gain access to your email, finance, social networking and other details when you are using public Wi-Fi in places such as cafes, hotels and metro stations. In January 2015, a similar experiment showed how a 7-year-old hacked public Wi-Fi.
The investigation was conducted jointly by security and privacy software company F-Secure, penetration testing expert Mandalorian Security Services and the Cyber Security Research Institute. The test was conducted on three politicians with their consent.
The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.
Commenting on his email being accessed, Davis said: “Well, it’s pretty horrifying, to be honest. What you have extracted was a very tough password, tougher than most people use. It’s certainly not ‘Password’.” Alarmingly, the password would have been broken no matter how strong it was. Public Wi-Fi is inherently insecure - usernames and passwords are shown in plain text in the back of a Wi-Fi access point, making them simple for a hacker to steal.
To underline the risk, an email was drafted by ethical hackers Mandalorian and left in his drafts folder destined for the national press, announcing his defection to UKIP. His PayPal account was then compromised, as it used the same username and password as his Gmail – a common habit.
In the case of Lord Strasburger, a Voice over IP (VoIP) call he made from a hotel room was intercepted and recorded using technology freely available on the Internet, and relatively easy to master. Strasburger said, “That’s very worrying. This is very powerful equipment. The thought that a beginner could be up and running in a very few hours is really worrying. I think it proves that people (when they are using technology) need to know a lot more about it. In the end, they have to look after themselves, because it really is down to you, no one else is going to do it.”
Mary Honeyball MEP, who sits on the EU committee responsible for the ‘We Love Wi-Fi’ campaign, was browsing the Internet in a café when the ethical hacker sent her a message seemingly from Facebook which invited her to log back into her account, as it had timed out. This was how she unwittingly gave her login credentials to the hacker, who then accessed her Facebook account.
Honeyball, who was using a tablet issued to her only days before by the European Parliament’s technology officers, was particularly concerned about the lack of advice she had been given. “I think something should be done because we all think that passwords make the whole thing secure. I always thought that was the point of passwords. I am surprised and shocked,” she said.
Each hack not only demonstrated the simple steps a hacker can take to circumvent password protected services, but also how the personal data could be used for further attacks. “The average person will think that a hacker knowing which sports team I follow is a pretty useless piece of information,” said Steve Lord, director at Mandalorian. “But once he knows that, he can craft a phishing email specifically for you and your likes, knowing that you will be more likely to open it. Once you click on a link within that email or open an attachment, they have you – they will load malware onto your devices and then you will end up giving away all of your information. Not only that, but your company information too, if you use your devices to access the company network.”
Sean Sullivan, Security Advisor at F-Secure, has this advice for people using public Wi-Fi: “People shouldn’t be afraid to use public Wi-Fi – it’s a fantastic service. But they must understand that there are risks and it is their responsibility to protect themselves. This is simply done using a piece of software called a Virtual Private Network (or VPN). For phones and tablets, these are available as an app. Our Freedome VPN will encrypt all data travelling from the device to the network, meaning that the hacker will steal nothing of use. Simply turning it on gives you the best protection you can possibly have to stay safe over public Wi-Fi, so you can focus on what you’re doing instead of worrying about staying safe.”